Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Story of Snort

Posted by CmdrTaco on from the stuff-to-read dept.

gRitteR writes "HNS is running a story of Martin Roesch, the creator of Snort where he tells the entire story of Snort in his words. Roesch covers seven years of development that made this tool one of the most important security software titles ever developed. It's interesting to get all the details on how Snort was initially conceived as well as how it is expected to develop further now after Check Point acquired Sourcefire. There are many technical details and interesting tidbits not available before."

32 of 58 comments (clear)

  1. Flash audio? by stibles · · Score: 4, Interesting

    Anyone know if there's a transcript of this interview somewhere?

    1. Re:Flash audio? by Vreejack · · Score: 1

      "SERVER STATUS: We are currently being Slashdotted. Please check back soon. "
        This was at 11:24 EDT

      --
      "Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
    2. Re:Flash audio? by cmacb · · Score: 1

      Bad combo: Audio content with no transcript; flash presentation (sound only); streaming instead of downloadable; Slashdot.

      I wonder who comes up with this stuff. But I know that at least part of the answer is that it is people who should be doing something else (something not involving computers) for a living.

  2. stuff-to-read dept? by marcantonio · · Score: 2, Funny

    I think someone didn't check this out before it was posted... By someone I mean TACO.

    1. Re:stuff-to-read dept? by KrisW · · Score: 1

      I think the link is correct, it seems to be the linked page that is acting screwy.

      --


      "Think you can take me? Go ahead on. It's your move." --Joe Don Baker in Final Justice
    2. Re:stuff-to-read dept? by tomhudson · · Score: 1, Funny
      I think someone didn't check this out before it was posted... By someone I mean TACO.
      Maybe the story inspired him to SNORT something ...

      Or it could just be that with Hallowe'en coming, slashdot trolls you. Since we're not giving them treats, they're giving us tricks.

    3. Re:stuff-to-read dept? by zootm · · Score: 2, Informative

      Judging by the title of your parent's post, I think he was more concerned that Taco's "department" was the "stuff-to-read" department, yet the main link is in fact an audio recording...

    4. Re:stuff-to-read dept? by LurkerXXX · · Score: 1

      The link is just to a site that points to the interview. It's a flash/audio interview. Not sometehing-to-read unless you've got some sweet audio-to-text converter on your laptop that your browsing with. Last I checked most folks don't normally use Dragon-NaturallySpeeking to browse websites.

    5. Re:stuff-to-read dept? by KrisW · · Score: 1

      Oops, my bad.

      --


      "Think you can take me? Go ahead on. It's your move." --Joe Don Baker in Final Justice
  3. Re:Snort? by Anonymous Coward · · Score: 4, Funny

    Effective immediately, your geek license has been revoked.

  4. Not really intended to be for international by dzafez · · Score: 4, Informative

    This seems to not be intended to be listened to by international Audience. He is talking quite fast and not too easy. a written form would be easier for people with other language backgrounds. I can live with it, as I'm used to the sound of american english, but a written form could help a lot.

    1. Re:Not really intended to be for international by kilauea · · Score: 1, Funny

      There is no such thing as American english!!!

      How I would love to see "the Queens English" on a software installer...

      Gaz

    2. Re:Not really intended to be for international by Anonymous Coward · · Score: 4, Funny

      You have indicated that you wish to bin these dossiers. Shall we?

      [ Right Then ] [ Rubbish ]

      And in a cruel twist of fate, "Rubbish" would cancel the operation.

    3. Re:Not really intended to be for international by RexxFiend · · Score: 1

      I thought she was german!

      --

      A crash reduces
      Your expensive computer
      to a simple stone.
  5. Snort made easy... by fak3r · · Score: 4, Informative

    Let me be the first to recommend n00bs pick up Snort for Dummies, perhaps the best "for Dummies" book I've read; a perfect primer. "If you want to get your feet wet or you've been tasked with deploying a snort system, this is a good way to start. In the typical, humorous, "for dummies" style, this book walks you through getting, setting up and using Snort and the ACID console. The book also covers how to maintain and tweak the system, once it is up and running. A good effort by the authors." For work or for home, there's really no reason not to learn an enterprise level IDS.

    --
    fak3r.com
    1. Re:Snort made easy... by martyroesch · · Score: 5, Informative
      Please, do NOT use ACID!

      ACID is no longer being actively maintained, if you want ACID's functionality you should go get BASE! Better yet, go get SGUIL and use Snort as part of a Network Security Monitoring, you'll be glad you did.

    2. Re:Snort made easy... by diamondsw · · Score: 4, Funny

      Please, do NOT use ACID!

      Too late, dude. Whoa.

      --
      I don't know what kind of crack I was on, but I suspect it was decaf.
  6. What it probably says... by xxxJonBoyxxx · · Score: 4, Informative

    I had the chance to chat with Marty in Baltimore in May 2001 and he basically said this about Snort:

    1) I wrote it over a couple of weekends because I wasn't happy with TCPDump and the commercial tools at hand

    2) Someday I hope to rewrite it

    3) The extensible plug-in architecture saved my ass

    4) I wish the commercial guys would quit ripping it off

    However, it looks like an audio interview...don't have that kind of time anymore.

    1. Re:What it probably says... by xxxJonBoyxxx · · Score: 1

      I tried this, involuntarily, during the last year I was earning my comp sci degree. I have two kids now, so I've learned to appreciate a good 8 (OK, 6) hours of sleep a night.

  7. It begins like this... by utexaspunk · · Score: 1, Funny

    "So we had made this 'cocaine' stuff, and we had tried various methods of getting it into our bloodstream, but none of them seemed to be quick and easy. Then Martin gets this brilliant idea..."

    1. Re:It begins like this... by Anonymous Coward · · Score: 1, Funny

      "So we had made this 'cocaine' stuff, and we had tried various methods of getting it into our bloodstream, but none of them seemed to be quick and easy. Then Martin gets this brilliant idea..."

      You do what Stevie Nicks allegedly did, and have it blown up your ass?

  8. cheap yoke, can't believe nobody else did it yet.. by Thud457 · · Score: 3, Funny

    Finally! I've been waiting fourty years for a sequel to "The Story About Ping"!!!!!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  9. Re:cheap yoke, can't believe nobody else did it ye by Thud457 · · Score: 2, Insightful

    errr... an absolutely amazing quote in the link above : " If I'd known then that it would be my most famous accomplishment in life, I might have worked on it another day or two and added some more options."

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  10. Re:cheap yoke, can't believe nobody else did it ye by BushCheney08 · · Score: 1

    Hehehehe. I was just checking the thread to see if someone else was gonna mention it. If not, I was gonna say something about how nicely The Story of Snort would look next to The Story About Ping.

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  11. Snort Exploit! by Anonymous Coward · · Score: 2, Informative

    Links to information:
    First report: http://isc.sans.org/diary.php?storyid=770
    Infocon Yellow: http://isc.sans.org/diary.php?storyid=772
    Intrusion Detection: http://isc.sans.org/diary.php?storyid=782
    Tool: http://isc.sans.org/diary.php?storyid=791

    Hope everyone is safe..

    1. Re:Snort Exploit! by Slashcrap · · Score: 1

      Hope everyone is safe..

      This happens all the time. Which is why anyone with half a brain sets up their Snort box with a "one way" Ethernet cable - inbound traffic only, no ability for the Snort box to talk to anything else if compromised.

      Of course, there are a lot of people running Snort on their home DSL line because watching the huge list of attacks bouncing off their firewall gives them a woody. They're probably screwed, but at least it will be educational for them.

  12. Snort is... by Viree · · Score: 2, Funny

    probably one of the best tools ever developed for open-source / security community. I've got a bad feeling from this whole Check Point acquisition, especially with the major revamp in http://snort.org/. Thankfully there's still http://nessus.org/....wait. Fuck!

  13. non flash by furrywithwings · · Score: 1

    Is there a working transcript or a non-flash link? I'm not installing the key to pretty BLINKING annoyances just to read something interesting.

  14. Snort stories by SeaFox · · Score: 1

    I get the feeling one of the main draws to posting stories about Snort isn't so much the software but so they can make joke headlines and comments about narcotics.

    Checkpoint Aquires Snort - Oct. 6, 2005

    Snort up For Revamp, says Creator - May 24, 2004

    Using Snort Stealthily - Sept. 13, 2002

    Snort Creator Makes Good - July 1, 2002

    Guardent To Sell Snort And Nessus - Dec. 14, 2001

  15. Snot? by bettlebrox · · Score: 1

    For a minute there I thought the title of the story was:

    The History of Snot

    For just a second I was envisoning: Slashdot, news for nerds, boogers shat matters ...

    --

    I have a very small mind and must live with it.
    -- E. Dijkstra

  16. Picture with Martin by uan · · Score: 1

    I got to meet Martin Roesch a month ago and got some pictures of us shaking hands to take home!

    --
    http://83p.unitedti.org/
  17. Using BASE to analyze Snort data by vaiism · · Score: 1

    BigAdmin has an article that describes storing Snort alert output in a MySQL database and using the web front end BASE to analyze the data. Sounded pretty interesting... http://www.sun.com/bigadmin/features/articles/snor t_base.html